4E 


IDEAS AT Work 

COMPUTERS / HILLEL SEGAL 

Accounting booklet 
explains PC security 


The accounting firm of Ernst & 
Whinney recently published a won¬ 
derful 20-page booklet for personal 
computer users called “Microcom¬ 
puter Security in Your Business.” 

To the firm’s credit, the booklet 
focuses on the one subject — per¬ 
sonal computer security — that 
usually is ignored until 
it’s too late. Further¬ 
more, the treatment of 
the subject is easy to 
understand and unin¬ 
timidating. 

Here are some high¬ 
lights: 

The first step in 
establishing security 
over your personal 
computers is to identify 
the business assets that 
the plan will secure. 
Documentation is especially im¬ 
portant in a PC environment be¬ 
cause the developer often is the 
sole user. If the developer changes 
jobs or quits, it is difficult for an¬ 
other user to run and maintain the 
application without documentation. 

✓ There are several overall se¬ 
curity objectives that apply to all 
companies that use PCs: control¬ 
ling errors, maintaining confidenti¬ 
ality of information, and providing 
continuity of operations. Again, 
people typically concentrate on 
just one of these areas — most 
commonly continuity by providing 
backups — while neglecting error 
control and confidentiality. 

✓ Step two provides you with 
plenty of motivation to implement 
a security program. A simple chart 
— the exposure-ranking table — 
lets you evaluate your potential for 
loss in various areas. You mark 
whether your risk of loss is high, 
moderate or low in nine catego¬ 
ries: modification of data files and 
programs; destruction or loss of 
hardware; destruction or loss of 
lata files and programs; destruc¬ 
tion or loss of documentation; dis¬ 
closure of data files and programs; 
disclosure of documentation; dis¬ 
ruption of hardware; disruption of 


data files and programs; and dis¬ 
ruption of documentation. As you 
fill in your degree of exposure in 1 
each category, it only takes a sec- < 
ond to recognize where you need to 1 
concentrate your efforts. < 

Step three directs you to a 1 
list of methods to increase your se¬ 
curity based on your i 
answers in the nine cat¬ 
egories of the exposure i 

ranking table. For ex- i 

ample, if you judged 
your exposure was « 

“low” under the unau- < 

thorized disclosure of < 

data files or programs, 1 

you’re instructed to is- 1 

sue a policy statement i 

about security, use * 

locking devices if the * 

equipment is easily ac- '• 

cessible, and use password protec- ■ 

tion with communications soft¬ 
ware. For “moderate risks,” use 
password protection on all files, 
store software in an on-site vault, 
and lock backups in a cabinet or 
desk. If you ranked your risk 
“high,” use encryption or scram¬ 
bling of data, assign level of pass- . 
words, prevent access to equip¬ 
ment by non-authorized personnel, i 

and have regular backups off-site. < 

✓ Step three gives instructions 1 
for a range of security precau- ’ 
tions: maintain records of equip- ; 
ment serial numbers; perform pe- < 
riodic inventories; obtain adequate ' 
insurance; use computer furniture 1 
and equipment that has locking de- < 
vices; arrange for backup facili- i 
ties; use power-line surge protec¬ 
tors or battery backup power i 
systems; use hidden files and di- 1 
rectories and backup procedures. 

l/* Finally, step four suggests i 
that the results be monitored and 1 
procedures constantly re-evaluat- '< 
ed. The one-time fix rarely works. 1 
If management does not stay in¬ 
volved, the ongoing controls proba- i 
bly will be neglected. 

To obtain your free copy, con¬ 
tact Ernst & Whinney and ask for 
booklet number 42597. 
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